<?xml version="1.0" encoding="ascii"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
          "DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <title>genshi.filters.html.HTMLSanitizer</title>
  <link rel="stylesheet" href="epydoc.css" type="text/css" />
  <script type="text/javascript" src="epydoc.js"></script>
</head>

<body bgcolor="white" text="black" link="blue" vlink="#204080"
      alink="#204080">
<!-- ==================== NAVIGATION BAR ==================== -->
<table class="navbar" border="0" width="100%" cellpadding="0"
       bgcolor="#a0c0ff" cellspacing="0">
  <tr valign="middle">
  <!-- Home link -->
      <th>&nbsp;&nbsp;&nbsp;<a
        href="genshi-module.html">Home</a>&nbsp;&nbsp;&nbsp;</th>

  <!-- Tree link -->
      <th>&nbsp;&nbsp;&nbsp;<a
        href="module-tree.html">Trees</a>&nbsp;&nbsp;&nbsp;</th>

  <!-- Index link -->
      <th>&nbsp;&nbsp;&nbsp;<a
        href="identifier-index.html">Indices</a>&nbsp;&nbsp;&nbsp;</th>

  <!-- Help link -->
      <th>&nbsp;&nbsp;&nbsp;<a
        href="help.html">Help</a>&nbsp;&nbsp;&nbsp;</th>

  <!-- Project homepage -->
      <th class="navbar" align="right" width="100%">
        <table border="0" cellpadding="0" cellspacing="0">
          <tr><th class="navbar" align="center"
            ><a class="navbar" target="_top" href="../index.html">Documentation Index</a></th>
          </tr></table></th>
  </tr>
</table>
<table width="100%" cellpadding="0" cellspacing="0">
  <tr valign="top">
    <td width="100%">
      <span class="breadcrumbs">
        <a href="genshi-module.html">Package&nbsp;genshi</a> ::
        <a href="genshi.filters-module.html">Package&nbsp;filters</a> ::
        <a href="genshi.filters.html-module.html">Module&nbsp;html</a> ::
        Class&nbsp;HTMLSanitizer
      </span>
    </td>
    <td>
      <table cellpadding="0" cellspacing="0">
        <!-- hide/show private -->
      </table>
    </td>
  </tr>
</table>
<!-- ==================== CLASS DESCRIPTION ==================== -->
<h1 class="epydoc">Class HTMLSanitizer</h1><p class="nomargin-top"></p>
<pre class="base-tree">
object --+
         |
        <strong class="uidshort">HTMLSanitizer</strong>
</pre>

<hr />
<p>A filter that removes potentially dangerous HTML tags and attributes
from the stream.</p>
<pre class="py-doctest">
<span class="py-prompt">&gt;&gt;&gt; </span><span class="py-keyword">from</span> genshi <span class="py-keyword">import</span> HTML
<span class="py-prompt">&gt;&gt;&gt; </span>html = HTML(<span class="py-string">'&lt;div&gt;&lt;script&gt;alert(document.cookie)&lt;/script&gt;&lt;/div&gt;'</span>)
<span class="py-prompt">&gt;&gt;&gt; </span><span class="py-keyword">print</span> html | HTMLSanitizer()
<span class="py-output">&lt;div/&gt;</span></pre>
<p>The default set of safe tags and attributes can be modified when the filter
is instantiated. For example, to allow inline <tt class="rst-docutils literal"><span class="pre">style</span></tt> attributes, the
following instantation would work:</p>
<pre class="py-doctest">
<span class="py-prompt">&gt;&gt;&gt; </span>html = HTML(<span class="py-string">'&lt;div style=&quot;background: #000&quot;&gt;&lt;/div&gt;'</span>)
<span class="py-prompt">&gt;&gt;&gt; </span>sanitizer = HTMLSanitizer(safe_attrs=HTMLSanitizer.SAFE_ATTRS | set([<span class="py-string">'style'</span>]))
<span class="py-prompt">&gt;&gt;&gt; </span><span class="py-keyword">print</span> html | sanitizer
<span class="py-output">&lt;div style=&quot;background: #000&quot;/&gt;</span></pre>
<p>Note that even in this case, the filter <em>does</em> attempt to remove dangerous
constructs from style attributes:</p>
<pre class="py-doctest">
<span class="py-prompt">&gt;&gt;&gt; </span>html = HTML(<span class="py-string">'&lt;div style=&quot;background: url(javascript:void); color: #000&quot;&gt;&lt;/div&gt;'</span>)
<span class="py-prompt">&gt;&gt;&gt; </span><span class="py-keyword">print</span> html | sanitizer
<span class="py-output">&lt;div style=&quot;color: #000&quot;/&gt;</span></pre>
<p>This handles HTML entities, unicode escapes in CSS and Javascript text, as
well as a lot of other things. However, the style tag is still excluded by
default because it is very hard for such sanitizing to be completely safe,
especially considering how much error recovery current web browsers perform.</p>

<hr />
<div class="fields">      <p><strong>Warning:</strong>
        Note that this special processing of CSS is currently only applied to
style attributes, <strong>not</strong> style elements.
      </p>
</div><!-- ==================== INSTANCE METHODS ==================== -->
<a name="section-InstanceMethods"></a>
<table class="summary" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr bgcolor="#70b0f0" class="table-header">
  <td align="left" colspan="2" class="table-header">
    <span class="table-header">Instance Methods</span></td>
</tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
      <table width="100%" cellpadding="0" cellspacing="0" border="0">
        <tr>
          <td><span class="summary-sig"><a href="genshi.filters.html.HTMLSanitizer-class.html#__init__" class="summary-sig-name">__init__</a>(<span class="summary-sig-arg">self</span>,
        <span class="summary-sig-arg">safe_tags</span>=<span class="summary-sig-default"><code class="variable-group">frozenset([</code><code class="variable-quote">'</code><code class="variable-string">a</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">abbr</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">acronym</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">address</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">area</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">b</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">bi</code><code class="variable-ellipsis">...</code></span>,
        <span class="summary-sig-arg">safe_attrs</span>=<span class="summary-sig-default"><code class="variable-group">frozenset([</code><code class="variable-quote">'</code><code class="variable-string">abbr</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">accept</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">accept-charset</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">accesskey</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">a</code><code class="variable-ellipsis">...</code></span>,
        <span class="summary-sig-arg">safe_schemes</span>=<span class="summary-sig-default"><code class="variable-group">frozenset([</code>None<code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">file</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">ftp</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">http</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">https</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">mailto</code><code class="variable-quote">'</code><code class="variable-group">])</code></span>,
        <span class="summary-sig-arg">uri_attrs</span>=<span class="summary-sig-default"><code class="variable-group">frozenset([</code><code class="variable-quote">'</code><code class="variable-string">action</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">background</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">dynsrc</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">href</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">lowsrc</code><code class="variable-quote">'</code><code class="variable-op">,</code><code class="variable-ellipsis">...</code></span>)</span><br />
      Create the sanitizer.</td>
          <td align="right" valign="top">
            
            
          </td>
        </tr>
      </table>
      
    </td>
  </tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
      <table width="100%" cellpadding="0" cellspacing="0" border="0">
        <tr>
          <td><span class="summary-sig"><a href="genshi.filters.html.HTMLSanitizer-class.html#__call__" class="summary-sig-name">__call__</a>(<span class="summary-sig-arg">self</span>,
        <span class="summary-sig-arg">stream</span>)</span><br />
      Apply the filter to the given stream.</td>
          <td align="right" valign="top">
            
            
          </td>
        </tr>
      </table>
      
    </td>
  </tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type"><code class="link">bool</code></span>
    </td><td class="summary">
      <table width="100%" cellpadding="0" cellspacing="0" border="0">
        <tr>
          <td><span class="summary-sig"><a href="genshi.filters.html.HTMLSanitizer-class.html#is_safe_uri" class="summary-sig-name">is_safe_uri</a>(<span class="summary-sig-arg">self</span>,
        <span class="summary-sig-arg">uri</span>)</span><br />
      Determine whether the given URI is to be considered safe for
inclusion in the output.</td>
          <td align="right" valign="top">
            
            
          </td>
        </tr>
      </table>
      
    </td>
  </tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type"><code class="link">list</code></span>
    </td><td class="summary">
      <table width="100%" cellpadding="0" cellspacing="0" border="0">
        <tr>
          <td><span class="summary-sig"><a href="genshi.filters.html.HTMLSanitizer-class.html#sanitize_css" class="summary-sig-name">sanitize_css</a>(<span class="summary-sig-arg">self</span>,
        <span class="summary-sig-arg">text</span>)</span><br />
      Remove potentially dangerous property declarations from CSS code.</td>
          <td align="right" valign="top">
            
            
          </td>
        </tr>
      </table>
      
    </td>
  </tr>
  <tr>
    <td colspan="2" class="summary">
    <p class="indent-wrapped-lines"><b>Inherited from <code>object</code></b>:
      <code>__delattr__</code>,
      <code>__getattribute__</code>,
      <code>__hash__</code>,
      <code>__new__</code>,
      <code>__reduce__</code>,
      <code>__reduce_ex__</code>,
      <code>__repr__</code>,
      <code>__setattr__</code>,
      <code>__str__</code>
      </p>
    </td>
  </tr>
</table>
<!-- ==================== CLASS VARIABLES ==================== -->
<a name="section-ClassVariables"></a>
<table class="summary" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr bgcolor="#70b0f0" class="table-header">
  <td align="left" colspan="2" class="table-header">
    <span class="table-header">Class Variables</span></td>
</tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
        <a href="genshi.filters.html.HTMLSanitizer-class.html#SAFE_TAGS" class="summary-name">SAFE_TAGS</a> = <code title="frozenset(['a',
           'abbr',
           'acronym',
           'address',
           'area',
           'b',
           'big',
           'blockquote',
..."><code class="variable-group">frozenset([</code><code class="variable-quote">'</code><code class="variable-string">a</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">abbr</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">acronym</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">address</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">are</code><code class="variable-ellipsis">...</code></code>
    </td>
  </tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
        <a href="genshi.filters.html.HTMLSanitizer-class.html#SAFE_ATTRS" class="summary-name">SAFE_ATTRS</a> = <code title="frozenset(['abbr',
           'accept',
           'accept-charset',
           'accesskey',
           'action',
           'align',
           'alt',
           'axis',
..."><code class="variable-group">frozenset([</code><code class="variable-quote">'</code><code class="variable-string">abbr</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">accept</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">accept-charset</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">a</code><code class="variable-ellipsis">...</code></code>
    </td>
  </tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
        <a href="genshi.filters.html.HTMLSanitizer-class.html#SAFE_SCHEMES" class="summary-name">SAFE_SCHEMES</a> = <code title="frozenset([None, 'file', 'ftp', 'http', 'https', 'mailto'])"><code class="variable-group">frozenset([</code>None<code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">file</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">ftp</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">http</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">https</code><code class="variable-quote">'</code><code class="variable-ellipsis">...</code></code>
    </td>
  </tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
        <a href="genshi.filters.html.HTMLSanitizer-class.html#URI_ATTRS" class="summary-name">URI_ATTRS</a> = <code title="frozenset(['action', 'background', 'dynsrc', 'href', 'lowsrc', 'src'])"><code class="variable-group">frozenset([</code><code class="variable-quote">'</code><code class="variable-string">action</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">background</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">dynsrc</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">href</code><code class="variable-ellipsis">...</code></code>
    </td>
  </tr>
</table>
<!-- ==================== INSTANCE VARIABLES ==================== -->
<a name="section-InstanceVariables"></a>
<table class="summary" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr bgcolor="#70b0f0" class="table-header">
  <td align="left" colspan="2" class="table-header">
    <span class="table-header">Instance Variables</span></td>
</tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
        <a name="safe_tags"></a><span class="summary-name">safe_tags</span><br />
      The set of tag names that are considered safe.
    </td>
  </tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
        <a name="safe_attrs"></a><span class="summary-name">safe_attrs</span><br />
      The set of attribute names that are considered safe.
    </td>
  </tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
        <a name="uri_attrs"></a><span class="summary-name">uri_attrs</span><br />
      The set of names of attributes that may contain URIs.
    </td>
  </tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
        <a name="safe_schemes"></a><span class="summary-name">safe_schemes</span><br />
      The set of URI schemes that are considered safe.
    </td>
  </tr>
</table>
<!-- ==================== PROPERTIES ==================== -->
<a name="section-Properties"></a>
<table class="summary" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr bgcolor="#70b0f0" class="table-header">
  <td align="left" colspan="2" class="table-header">
    <span class="table-header">Properties</span></td>
</tr>
  <tr>
    <td colspan="2" class="summary">
    <p class="indent-wrapped-lines"><b>Inherited from <code>object</code></b>:
      <code>__class__</code>
      </p>
    </td>
  </tr>
</table>
<!-- ==================== METHOD DETAILS ==================== -->
<a name="section-MethodDetails"></a>
<table class="details" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr bgcolor="#70b0f0" class="table-header">
  <td align="left" colspan="2" class="table-header">
    <span class="table-header">Method Details</span></td>
</tr>
</table>
<a name="__init__"></a>
<div>
<table class="details" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr><td>
  <table width="100%" cellpadding="0" cellspacing="0" border="0">
  <tr valign="top"><td>
  <h3 class="epydoc"><span class="sig"><span class="sig-name">__init__</span>(<span class="sig-arg">self</span>,
        <span class="sig-arg">safe_tags</span>=<span class="sig-default"><code class="variable-group">frozenset([</code><code class="variable-quote">'</code><code class="variable-string">a</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">abbr</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">acronym</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">address</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">area</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">b</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">bi</code><code class="variable-ellipsis">...</code></span>,
        <span class="sig-arg">safe_attrs</span>=<span class="sig-default"><code class="variable-group">frozenset([</code><code class="variable-quote">'</code><code class="variable-string">abbr</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">accept</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">accept-charset</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">accesskey</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">a</code><code class="variable-ellipsis">...</code></span>,
        <span class="sig-arg">safe_schemes</span>=<span class="sig-default"><code class="variable-group">frozenset([</code>None<code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">file</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">ftp</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">http</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">https</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">mailto</code><code class="variable-quote">'</code><code class="variable-group">])</code></span>,
        <span class="sig-arg">uri_attrs</span>=<span class="sig-default"><code class="variable-group">frozenset([</code><code class="variable-quote">'</code><code class="variable-string">action</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">background</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">dynsrc</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">href</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">lowsrc</code><code class="variable-quote">'</code><code class="variable-op">,</code><code class="variable-ellipsis">...</code></span>)</span>
    <br /><em class="fname">(Constructor)</em>
  </h3>
  </td><td align="right" valign="top"
    >&nbsp;
    </td>
  </tr></table>
  
  <p>Create the sanitizer.</p>
<p>The exact set of allowed elements and attributes can be configured.</p>
  <dl class="fields">
    <dt>Parameters:</dt>
    <dd><ul class="nomargin-top">
        <li><strong class="pname"><code>safe_tags</code></strong> - a set of tag names that are considered safe</li>
        <li><strong class="pname"><code>safe_attrs</code></strong> - a set of attribute names that are considered safe</li>
        <li><strong class="pname"><code>safe_schemes</code></strong> - a set of URI schemes that are considered safe</li>
        <li><strong class="pname"><code>uri_attrs</code></strong> - a set of names of attributes that contain URIs</li>
    </ul></dd>
    <dt>Overrides:
        object.__init__
    </dt>
  </dl>
</td></tr></table>
</div>
<a name="__call__"></a>
<div>
<table class="details" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr><td>
  <table width="100%" cellpadding="0" cellspacing="0" border="0">
  <tr valign="top"><td>
  <h3 class="epydoc"><span class="sig"><span class="sig-name">__call__</span>(<span class="sig-arg">self</span>,
        <span class="sig-arg">stream</span>)</span>
    <br /><em class="fname">(Call operator)</em>
  </h3>
  </td><td align="right" valign="top"
    >&nbsp;
    </td>
  </tr></table>
  
  Apply the filter to the given stream.
  <dl class="fields">
    <dt>Parameters:</dt>
    <dd><ul class="nomargin-top">
        <li><strong class="pname"><code>stream</code></strong> - the markup event stream to filter</li>
    </ul></dd>
  </dl>
</td></tr></table>
</div>
<a name="is_safe_uri"></a>
<div>
<table class="details" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr><td>
  <table width="100%" cellpadding="0" cellspacing="0" border="0">
  <tr valign="top"><td>
  <h3 class="epydoc"><span class="sig"><span class="sig-name">is_safe_uri</span>(<span class="sig-arg">self</span>,
        <span class="sig-arg">uri</span>)</span>
  </h3>
  </td><td align="right" valign="top"
    >&nbsp;
    </td>
  </tr></table>
  
  <p>Determine whether the given URI is to be considered safe for
inclusion in the output.</p>
<p>The default implementation checks whether the scheme of the URI is in
the set of allowed URIs (<a href="genshi.filters.html.HTMLSanitizer-class.html#safe_schemes" class="link">safe_schemes</a>).</p>
<pre class="py-doctest">
<span class="py-prompt">&gt;&gt;&gt; </span>sanitizer = HTMLSanitizer()
<span class="py-prompt">&gt;&gt;&gt; </span>sanitizer.is_safe_uri(<span class="py-string">'http://example.org/'</span>)
<span class="py-output">True</span>
<span class="py-output"></span><span class="py-prompt">&gt;&gt;&gt; </span>sanitizer.is_safe_uri(<span class="py-string">'javascript:alert(document.cookie)'</span>)
<span class="py-output">False</span></pre>
  <dl class="fields">
    <dt>Parameters:</dt>
    <dd><ul class="nomargin-top">
        <li><strong class="pname"><code>uri</code></strong> - the URI to check</li>
    </ul></dd>
    <dt>Returns: <code class="link">bool</code></dt>
        <dd><code class="link">True</code> if the URI can be considered safe, <code class="link">False</code> otherwise</dd>
  </dl>
<div class="fields">      <p><strong>Since:</strong>
        version 0.4.3
      </p>
</div></td></tr></table>
</div>
<a name="sanitize_css"></a>
<div>
<table class="details" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr><td>
  <table width="100%" cellpadding="0" cellspacing="0" border="0">
  <tr valign="top"><td>
  <h3 class="epydoc"><span class="sig"><span class="sig-name">sanitize_css</span>(<span class="sig-arg">self</span>,
        <span class="sig-arg">text</span>)</span>
  </h3>
  </td><td align="right" valign="top"
    >&nbsp;
    </td>
  </tr></table>
  
  <p>Remove potentially dangerous property declarations from CSS code.</p>
<p>In particular, properties using the CSS <tt class="rst-docutils literal"><span class="pre">url()</span></tt> function with a scheme
that is not considered safe are removed:</p>
<pre class="py-doctest">
<span class="py-prompt">&gt;&gt;&gt; </span>sanitizer = HTMLSanitizer()
<span class="py-prompt">&gt;&gt;&gt; </span>sanitizer.sanitize_css(u<span class="py-string">'''</span>
<span class="py-more">... </span><span class="py-string">  background: url(javascript:alert(&quot;foo&quot;));</span>
<span class="py-more">... </span><span class="py-string">  color: #000;</span>
<span class="py-more">... </span><span class="py-string">'''</span>)
<span class="py-output">[u'color: #000']</span></pre>
<p>Also, the proprietary Internet Explorer function <tt class="rst-docutils literal"><span class="pre">expression()</span></tt> is
always stripped:</p>
<pre class="py-doctest">
<span class="py-prompt">&gt;&gt;&gt; </span>sanitizer.sanitize_css(u<span class="py-string">'''</span>
<span class="py-more">... </span><span class="py-string">  background: #fff;</span>
<span class="py-more">... </span><span class="py-string">  color: #000;</span>
<span class="py-more">... </span><span class="py-string">  width: e/**/xpression(alert(&quot;foo&quot;));</span>
<span class="py-more">... </span><span class="py-string">'''</span>)
<span class="py-output">[u'background: #fff', u'color: #000']</span></pre>
  <dl class="fields">
    <dt>Parameters:</dt>
    <dd><ul class="nomargin-top">
        <li><strong class="pname"><code>text</code></strong> - the CSS text; this is expected to be <code class="link">unicode</code> and to not
contain any character or numeric references</li>
    </ul></dd>
    <dt>Returns: <code class="link">list</code></dt>
        <dd>a list of declarations that are considered safe</dd>
  </dl>
<div class="fields">      <p><strong>Since:</strong>
        version 0.4.3
      </p>
</div></td></tr></table>
</div>
<br />
<!-- ==================== CLASS VARIABLE DETAILS ==================== -->
<a name="section-ClassVariableDetails"></a>
<table class="details" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr bgcolor="#70b0f0" class="table-header">
  <td align="left" colspan="2" class="table-header">
    <span class="table-header">Class Variable Details</span></td>
</tr>
</table>
<a name="SAFE_TAGS"></a>
<div>
<table class="details" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr><td>
  <h3 class="epydoc">SAFE_TAGS</h3>
  
  <dl class="fields">
  </dl>
  <dl class="fields">
    <dt>Value:</dt>
      <dd><table><tr><td><pre class="variable">
<code class="variable-group">frozenset([</code><code class="variable-quote">'</code><code class="variable-string">a</code><code class="variable-quote">'</code><code class="variable-op">,</code>
           <code class="variable-quote">'</code><code class="variable-string">abbr</code><code class="variable-quote">'</code><code class="variable-op">,</code>
           <code class="variable-quote">'</code><code class="variable-string">acronym</code><code class="variable-quote">'</code><code class="variable-op">,</code>
           <code class="variable-quote">'</code><code class="variable-string">address</code><code class="variable-quote">'</code><code class="variable-op">,</code>
           <code class="variable-quote">'</code><code class="variable-string">area</code><code class="variable-quote">'</code><code class="variable-op">,</code>
           <code class="variable-quote">'</code><code class="variable-string">b</code><code class="variable-quote">'</code><code class="variable-op">,</code>
           <code class="variable-quote">'</code><code class="variable-string">big</code><code class="variable-quote">'</code><code class="variable-op">,</code>
           <code class="variable-quote">'</code><code class="variable-string">blockquote</code><code class="variable-quote">'</code><code class="variable-op">,</code>
<code class="variable-ellipsis">...</code>
</pre></td></tr></table>
</dd>
  </dl>
</td></tr></table>
</div>
<a name="SAFE_ATTRS"></a>
<div>
<table class="details" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr><td>
  <h3 class="epydoc">SAFE_ATTRS</h3>
  
  <dl class="fields">
  </dl>
  <dl class="fields">
    <dt>Value:</dt>
      <dd><table><tr><td><pre class="variable">
<code class="variable-group">frozenset([</code><code class="variable-quote">'</code><code class="variable-string">abbr</code><code class="variable-quote">'</code><code class="variable-op">,</code>
           <code class="variable-quote">'</code><code class="variable-string">accept</code><code class="variable-quote">'</code><code class="variable-op">,</code>
           <code class="variable-quote">'</code><code class="variable-string">accept-charset</code><code class="variable-quote">'</code><code class="variable-op">,</code>
           <code class="variable-quote">'</code><code class="variable-string">accesskey</code><code class="variable-quote">'</code><code class="variable-op">,</code>
           <code class="variable-quote">'</code><code class="variable-string">action</code><code class="variable-quote">'</code><code class="variable-op">,</code>
           <code class="variable-quote">'</code><code class="variable-string">align</code><code class="variable-quote">'</code><code class="variable-op">,</code>
           <code class="variable-quote">'</code><code class="variable-string">alt</code><code class="variable-quote">'</code><code class="variable-op">,</code>
           <code class="variable-quote">'</code><code class="variable-string">axis</code><code class="variable-quote">'</code><code class="variable-op">,</code>
<code class="variable-ellipsis">...</code>
</pre></td></tr></table>
</dd>
  </dl>
</td></tr></table>
</div>
<a name="SAFE_SCHEMES"></a>
<div>
<table class="details" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr><td>
  <h3 class="epydoc">SAFE_SCHEMES</h3>
  
  <dl class="fields">
  </dl>
  <dl class="fields">
    <dt>Value:</dt>
      <dd><table><tr><td><pre class="variable">
<code class="variable-group">frozenset([</code>None<code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">file</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">ftp</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">http</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">https</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">mailto</code><code class="variable-quote">'</code><code class="variable-group">])</code>
</pre></td></tr></table>
</dd>
  </dl>
</td></tr></table>
</div>
<a name="URI_ATTRS"></a>
<div>
<table class="details" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr><td>
  <h3 class="epydoc">URI_ATTRS</h3>
  
  <dl class="fields">
  </dl>
  <dl class="fields">
    <dt>Value:</dt>
      <dd><table><tr><td><pre class="variable">
<code class="variable-group">frozenset([</code><code class="variable-quote">'</code><code class="variable-string">action</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">background</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">dynsrc</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">href</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">lowsrc</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">src</code><code class="variable-quote">'</code><code class="variable-group">])</code>
</pre></td></tr></table>
</dd>
  </dl>
</td></tr></table>
</div>
<br />
<!-- ==================== NAVIGATION BAR ==================== -->
<table class="navbar" border="0" width="100%" cellpadding="0"
       bgcolor="#a0c0ff" cellspacing="0">
  <tr valign="middle">
  <!-- Home link -->
      <th>&nbsp;&nbsp;&nbsp;<a
        href="genshi-module.html">Home</a>&nbsp;&nbsp;&nbsp;</th>

  <!-- Tree link -->
      <th>&nbsp;&nbsp;&nbsp;<a
        href="module-tree.html">Trees</a>&nbsp;&nbsp;&nbsp;</th>

  <!-- Index link -->
      <th>&nbsp;&nbsp;&nbsp;<a
        href="identifier-index.html">Indices</a>&nbsp;&nbsp;&nbsp;</th>

  <!-- Help link -->
      <th>&nbsp;&nbsp;&nbsp;<a
        href="help.html">Help</a>&nbsp;&nbsp;&nbsp;</th>

  <!-- Project homepage -->
      <th class="navbar" align="right" width="100%">
        <table border="0" cellpadding="0" cellspacing="0">
          <tr><th class="navbar" align="center"
            ><a class="navbar" target="_top" href="../index.html">Documentation Index</a></th>
          </tr></table></th>
  </tr>
</table>
<table border="0" cellpadding="0" cellspacing="0" width="100%%">
  <tr>
    <td align="left" class="footer">
    Generated by Epydoc 3.0.1 on Wed Jul  9 18:16:20 2008
    </td>
    <td align="right" class="footer">
      <a target="mainFrame" href="http://epydoc.sourceforge.net"
        >http://epydoc.sourceforge.net</a>
    </td>
  </tr>
</table>

<script type="text/javascript">
  <!--
  // Private objects are initially displayed (because if
  // javascript is turned off then we want them to be
  // visible); but by default, we want to hide them.  So hide
  // them unless we have a cookie that says to show them.
  checkCookie();
  // -->
</script>
</body>
</html>
